Phishing attack on Ukrainian electricity utilities systems

Recently Ukrainian electricity utilities systems were exposed to phishing attacks which let to power cut affecting almost 80,000 customers for six hours.

The current Phishing attacks were similar to that of BlackEnergy attacks that happened on 23rd december in the Prykarpattya Oblenergo and Kyiv Oblenergo causing huge Power cut leading to mass outrage.

Ukraine's nation security have doubted Kremlin for the attacks.

For the current phishing attack , computer systems were served with malicious Microsoft XLS files , which attempts to open and execute open source software GCat backdoor, software which is responsible for handling Ukrainian electricity utilities systems.

This technique has been used in other attacks as well. According to Robert Lipovsky, who is ESET threat man confirmed that in the attack Users on the system are urged to download macros, and then those macros downloads executables and run shell commands leading to total crash of software .

Some of the GC at backdoor functionality like making screenshots, keylogging or uploading files, were removed from the source code.

The macros were sent using gmail account, which makes malwares difficult to detect.

Lipovsky said they were not certain of role of Russia or other actor in the attacks.

Many researchers in Ukraine are working on forensics and systems security following BlackEnergy attacks.